Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checking the hash/signature of cached providers using the Terragrunt Provider Cache server #3047

Closed
levkohimins opened this issue Apr 10, 2024 · 0 comments · Fixed by #3055
Closed

Checking the hash/signature of cached providers using the Terragrunt Provider Cache server #3047

levkohimins opened this issue Apr 10, 2024 · 0 comments · Fixed by #3055
Assignees
@levkohimins
Labels
bug Something isn't working

Comments

@levkohimins
Copy link
Contributor

levkohimins commented Apr 10, 2024
edited
Loading

Describe the bug

When implementing the Terragrunt Provider Cache server, to speed up terraform init, it was decided to use TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE, which allows you to create a lock file super quickly, but this has its drawback, it completely trusts the files from the cache and does not check their cache and signature.

The discussion started from #3001

To Reproduce
terragrunt run-all apply --terragrunt-provider-cache

Expected behavior
Every time Terraform requests a provider, Terragrunt Provider Cache should download the hash and signature from the remote registry to check and ensure that the cached provider is not corrupted.

Versions
@levkohimins levkohimins added the bug Something isn't working label Apr 10, 2024
@levkohimins levkohimins self-assigned this Apr 10, 2024
This was referenced Apr 10, 2024
Merged
Merged
@ZachGoldberg ZachGoldberg assigned denis256 and unassigned levkohimins Apr 12, 2024
@levkohimins levkohimins assigned levkohimins and brikis98 and unassigned denis256 and brikis98 Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@levkohimins levkohimins

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add hash and signature checks for cached providers. gruntwork-io/terragrunt
3 participants
@brikis98 @denis256 @levkohimins